HIPAA Right of Access Violation

Demonstrating their continued focus on right of access violations, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced 11 settlements and one HIPAA fine for medical practices across a wide variety of specialties.

An examination of the specifics of each incident cites several reasons by the covered entities for not providing the requested records, including:

  • Complete failure to respond
  • Withholding records because of nonpayment
  • Misunderstanding the scope of a durable power of attorney
  • Employee misunderstanding of HIPAA right of access

These actions by OCR illustrate that HIPAA compliance is about ensuring the privacy of patients’ protected health information (PHI) and providing patients with access to their health records in a timely manner.

Illinois Podiatry Practice Hit with $100,000 HIPAA Fine

OCR lowered the boom on ACPM Podiatry, based in Peoria, Illinois, with a $100,000 fine for HIPAA right of access violations. According to OCR, the agency provided ACPM with written technical assistance regarding the Privacy Rule’s right of access standard and closed the matter.

Following a second complaint from the same individual alleging ACPM had still not provided the requested records, OCR sent multiple requests for information, a Letter of Opportunity, and a Notice of Proposed Determination. After all of OCR’s attempts at communication were unsuccessful, the agency issued a Letter of Final Determination and a $100,000 civil monetary penalty.

New York Eye Practice is Too Late to Prevent $22,500 Settlement

Associated Retina Specialists, an ophthalmology practice in New York City, waited five months to respond to a patient’s request for her medical records. By that time, OCR’s investigation into the matter had been going on for three days. Associated Retina agreed to take corrective action and pay $22,500 to settle a potential violation of the HIPAA Privacy Rule right of access standard.

Let’s Simplify Compliance

Avoid HIPAA fines. Become compliant today!

Learn More!
HIPAA Seal of Compliance

Maryland Dentist’s Failure to Comply Costs $5,000

A patient of Baltimore, Maryland, dentist Dr. Lawrence Bell, Jr.’s practice requested a copy of their medical records on July 15, 2019. Four months later, the patient filed a complaint with OCR because the records had not been provided.

The practice agreed to take corrective actions and has paid $5,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.

Florida ENT Practice Pays $20,000 to Settle Right of Access Complaint

Two requests for medical records from the same patient resulted in two complaints to OCR for Coastal Ear, Nose, and Throat (ENT) in Ormond Beach, Florida. The patient made requests in December 2020 and January 2021 and filed complaints with OCR in January and April 2021.

The practice did not respond to the patient’s requests until